Welcome to the Internet of Payments

MasterCard and Visa are imbuing clothes, wearables, cars, and all manner of mobile and in-store experiences with the power of one-touch buying.

BARCELONA—Mobile payments technology dominated Mobile World Congress (MWC) this year, and not exactly in the ways you'd expect. MasterCard and Visa are granting payment capabilities to a wide range of devices and objects—from wearables and smart clothes to connected cars—turning the Internet of Things (IoT) into a tokenized payments network. Anything a consumer wears or carries becomes a mobile point-of-sale (POS) to complete transactions using a swipe or a tap.

Visa is expanding its Visa Ready program to the IoT. The program consists of a framework and best practices to enable Visa payments on any platform. This also means putting its Visa Token Service (VTS)—technology that replaces 16-digit credit card numbers with a unique digital identifier—into wearables, appliances, clothes, and transportation through a new group of Visa Ready partners. That includes Coin, Samsung, wearable payments company FitPay, and smartwatch manufacturers Chronos and Pebble. MasterCard, meanwhile, is doing the same, having just announced developer partnerships with Coin and WISeKey to bring payments to wearables and luxury watches.

Both companies had flashy MWC booths that looked more like department stores, with mocked-up mobile payment-enabled storefronts, cases of high-end jewelry and watches, smart clothes on racks, connected appliances like refrigerators, and new cars with tokenized keys. For consumers, it's a natural, hassle-free buying experience; they get the choice of paying however they like, and through whatever means they choose. Commerce has always been a function of choice, according to Sherri Haymond, MasterCard's Senior Vice President and Group Head of Digital Payments & Labs.

"A few years ago, we recognized an opportunity to ensure that, as payments became digital, they did so in a scalable way that made them accessible to regular people for a great consumer experience," said Haymond. "For the past couple months, we've been really focusing on building the foundation to create this ecosystem around not just wearables, but all different kinds of connected commerce experiences: wearables, watches, fitness bands, jewelry, clothing, all sorts of connected everything."

Tokens Are Middleware For RetailersThe trick to actually making these connected payment methods feasible for businesses is to take the merchant complication out of mobile transactions. At the same time, consumers still need that choice and the ability to pay in an instant, without ever taking a card out of their wallets.

American Express, MasterCard, and Visa collaborated with EMVCo to help develop and publish the EMV Payment Tokenization Specificationin 2014. As Haymond explained, the MasterCard Digital Enablement Service (MDES) is built on the standard and serves as the company's credential management system or token vault connecting banks to device manufacturers.

Mark Jamison, Visa's Senior Vice President of New Product R&D and Design, talked about what tokenization really means for businesses and consumers.

"Tokenization is this foundation that's going to allow commerce to be embedded in everything," said Jamison. "With the [IoT], anything you can connect to the web can hold a token, and that represents you in a secure way; the car we have in our booth is a tokenized device."

On the retail side, merchants see a trend, such as the IoT, where consumers would like to use near field communication (NFC) to browse, scan, and pay for goods. To enable this kind of commerce on a broader scale, they can't get bogged down in the painstaking process of adding support for every new connected payment method. MasterCard and Visa don't work with the end consumer in this new kind of payment scenario; they operate on a business-to-business (B2B) level so the businesses themselves don't have to worry about investing in and implementing payment processing for every individual connected device.

The credit card companies are uniquely positioned to act as the middleman between retailers and end-users. They're working with acquirers, issuers, merchants, and processors to create the standards around how businesses can securely adopt this deluge of new payment vectors. As the Internet of Payments expands, the credit card companies' presence at MWC this year represents the connective layer between the technology providers and the retailers.

"We go where businesses are pulling us but, at the same time, we have an obligation to set the standard," said Jamison. "For example, with the 'Pays'—Apple Pay, Android Pay, Samsung Pay—we built out tokenization to make sure the payments were secure, reliable, and worked for everyone. That's also why we built out VDAP [Visa's Digital Enablement Program] to set up rules for how that interaction works. We want to be a steward for this ecosystem."

For Visa's part, the next step in expanding the ecosystem is developers. The company announced the launch of Visa Developer earlier this month, expanding its Internet of Payments ecosystem beyond these retail and technology partners, to offer payment technologies including account holder identification, person-to-person payment capabilities, and Visa Checkout as open application programming interfaces (APIs).

"When you think about your business as a platform, you'll now have new use cases built on top of it by third parties we haven't traditionally thought of," said Jamison. "It expands the possibilities for payments to be embedded in even more ways."

Securing the Internet of PaymentsMasterCard and Visa's MWC booths showcased proof-of-concept demos around thumb and palm print biometrics, iris scans, voice recognition, and facial recognition. MasterCard is even letting consumers snap a selfieto verify their identity. These extra mechanisms are layered on top of the checkout experience to keep the experience secure in a natural way, without overcomplicating how easy these mobile payments are designed to be in the first place.

Ajay Bhalla, MasterCard's President of Enterprise Security Solutions, said it's challenging from a security perspective to make sure every commerce-enabled device won't compromise the data that users have stored, and tokens are just a piece of this.

"There are multiple layers of security working in everything we do," said Bhalla, explaining the company's multi-layered strategy. "When the transaction comes in, it's screened through algorithms to detect anomalies; your card has an EMV chip and mobile devices have tokenized credentials. Finally, you need a consumer play. The consumer needs to authenticate these devices before they can start off, whether it's their phone, watch, or car. And we're looking at biometrics in a major way."

Many of the biometric security mechanisms are experimental, and both MasterCard and Visa had booth demonstrations for technologies that are not yet on the market. Touch ID fingerprint scanning is widely adopted and MasterCard's selfie pay is coming this summer, but devices such as Visa's palm print scanner and MasterCard's heartbeat biometric identification (based on fitness trackers) are further away from the market.

Fingerprint scanning through technologies such as Apple's Touch ID and Samsung's Finger Scanner are widely adopted across mainstream mobile devices, and MasterCard's selfie pay is coming this summer. But technologies such as Visa's palm print scanner and MasterCard's heartbeat biometric identification (based on fitness trackers) are further away from the market.

What is more readily available are new, real-time intelligence solutions. MasterCard rolled out two new security products this week as part of its MasterCard IQ Series, designed to detect fraud. Bhalla pointed to Assurance IQ, in particular, as a way to more accurately analyze and approve transactions by calculating a blended risk score based on information gathered from the consumer's device and the merchant's system. During a digital transaction, Bhalla explained that, if Assurance IQ is authorized by the user, it can extract all of the information on your device, browser, or location, and let MasterCard's network pass that information to the issuing bank.

"From the retailer's perspective, we're trying to take away consumer pain points," said Bhalla. "We're trying to implement technology that if consumers agree to share that information with us, we can check the behavior of the card and the merchant to ensure quick, accurate authorization. Consumers want and need security with all these new payment methods, and the value in these mobile devices is that all the information we need to help ensure this is already there."